On 11/18/05, Drago <dragotr at gmail dot com> wrote:
> this has been discussed already. you can add deny rule on the external
> interface to prevent access to port 1723.
no, you can't. The allow rule is automatically added before any
user-defined rules.
as for it not being like this before, it's been like this since at
least 1.0, can't speak for versions prior to that as I've never used
them.
I'd agree it would be nice to have an advanced option to unhide the
rules for things like PPTP, IPsec, etc.
-Chris